From 8b402679acd587b22e8f5ffc14391c657f67f2f4 Mon Sep 17 00:00:00 2001 From: April John Date: Sun, 17 Mar 2024 17:36:49 +0100 Subject: [PATCH 1/7] sharkey wip (dont merge yet) --- pkgs/by-name/sh/sharkey/package.nix | 184 ++++++++++++++++++++++++++++ 1 file changed, 184 insertions(+) create mode 100644 pkgs/by-name/sh/sharkey/package.nix diff --git a/pkgs/by-name/sh/sharkey/package.nix b/pkgs/by-name/sh/sharkey/package.nix new file mode 100644 index 0000000000000..398059541b6ac --- /dev/null +++ b/pkgs/by-name/sh/sharkey/package.nix 
@@ -0,0 +1,184 @@ +{ lib +, stdenv +, stdenvNoCC +, fetchFromGitLab +, substituteAll +, makeWrapper +, makeDesktopItem +, copyDesktopItems +, pipewire +, libpulseaudio +, libicns +, libnotify +, jq +, python3 +, pkg-config +, glib +, vips +, moreutils +, cacert +, nodePackages +, speechd +, withTTS ? true +}: +stdenv.mkDerivation (finalAttrs: { + pname = "sharkey"; + version = "2024.3.1"; + + src = fetchFromGitLab { + owner = "TransFem-org"; + repo = "Sharkey"; + domain = "activitypub.software"; + rev = "${finalAttrs.version}"; + hash = "sha256-+lu0l/TA2Ge/flTUyyV/i0uzh4aycSGVCSQMkush8zA="; + fetchSubmodules = true; + }; + + # NOTE: This requires pnpm 8.10.0 or newer + # https://github.com/pnpm/pnpm/pull/7214 + pnpmDeps = + assert lib.versionAtLeast nodePackages.pnpm.version "8.10.0"; + stdenvNoCC.mkDerivation { + pname = "${finalAttrs.pname}-pnpm-deps"; + inherit (finalAttrs) src version patches ELECTRON_SKIP_BINARY_DOWNLOAD; + + nativeBuildInputs = [ + jq + moreutils + nodePackages.pnpm + cacert + ]; + + pnpmPatch = builtins.toJSON { + pnpm.supportedArchitectures = { + os = [ "linux" ]; + cpu = [ "x64" "arm64" ]; + }; + }; + + postPatch = '' + mv package.json package.json.orig + jq --raw-output ". * $pnpmPatch" package.json.orig > package.json + ''; + + # https://github.com/NixOS/nixpkgs/blob/763e59ffedb5c25774387bf99bc725df5df82d10/pkgs/applications/misc/pot/default.nix#L56 + installPhase = '' + export HOME=$(mktemp -d) + + pnpm config set store-dir $out + pnpm install --frozen-lockfile --ignore-script + + rm -rf $out/v3/tmp + for f in $(find $out -name "*.json"); do + sed -i -E -e 's/"checkedAt":[0-9]+,//g' $f + jq --sort-keys . 
$f | sponge $f + done + ''; + + dontBuild = true; + dontFixup = true; + outputHashMode = "recursive"; + outputHash = "sha256-m+ue2KnAppgJtVQIfcgQ7MEvMePlsqpBquPDP25StUY="; + }; + + nativeBuildInputs = [ + copyDesktopItems + nodePackages.pnpm + nodePackages.nodejs + makeWrapper + python3 + pkg-config + ]; + + buildInputs = [ + glib + vips + ]; + + patches = [ + #./disable_update_checking.patch + ]; + + ELECTRON_SKIP_BINARY_DOWNLOAD = 1; + + preBuild = '' + export HOME=$(mktemp -d) + export STORE_PATH=$(mktemp -d) + export NODE_OPTIONS = "--max_old_space_size=4096" + + cp -Tr "$pnpmDeps" "$STORE_PATH" + chmod -R +w "$STORE_PATH" + + pnpm config set store-dir "$STORE_PATH" + pnpm install --offline --frozen-lockfile --ignore-script + patchShebangs node_modules/{*,.*} + ''; + + postBuild = '' + pnpm build --reporter=ndjson + ''; + + # this is consistent with other nixpkgs electron packages and upstream, as far as I am aware + installPhase = + let + # this is mainly required for venmic + libPath = lib.makeLibraryPath ([ + libpulseaudio + libnotify + pipewire + stdenv.cc.cc.lib + ] ++ lib.optional withTTS speechd); + in + '' + runHook preInstall + + mkdir -p $out/data + cp dist/linux-*unpacked/resources/app.asar $out/opt/Vesktop/resources + + mkdir -p $out/data/packages/client + ln -s /var/lib/misskey $out/data/files + ln -s /run/misskey $out/data/.config + cp -r locales node_modules built $out/data + cp -r packages/backend $out/data/packages/backend + cp -r packages/client/assets $out/data/packages/client/assets + + # https://gist.github.com/MikaelFangel/2c36f7fd07ca50fac5a3255fa1992d1a + + makeWrapper ${nodePackages.pnpm}/bin/pnpm $out/bin/sharkey \ + --run $out/data + --prefix LD_LIBRARY_PATH : ${libPath} \ + --prefix NODE_ENV : production + --add-flags start \ + ${lib.optionalString withTTS "--add-flags \"--enable-speech-dispatcher\""} \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" + 
+ runHook postInstall + ''; + + desktopItems = [ + (makeDesktopItem { + name = "vesktop"; + desktopName = "Vesktop"; + exec = "vesktop %U"; + icon = "vesktop"; + startupWMClass = "Vesktop"; + genericName = "Internet Messenger"; + keywords = [ "discord" "vencord" "electron" "chat" ]; + categories = [ "Network" "InstantMessaging" "Chat" ]; + }) + ]; + + passthru = { + inherit (finalAttrs) pnpmDeps; + }; + + meta = with lib; { + description = "An alternate client for Discord with Vencord built-in"; + homepage = "https://github.com/Vencord/Vesktop"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ getchoo Scrumplex vgskye pluiedev ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + mainProgram = "vesktop"; + }; +}) + From 226f622d872fb93cb6806e7796ffa64ca0061ef6 Mon Sep 17 00:00:00 2001 From: April John Date: Sun, 17 Mar 2024 17:40:38 +0100 Subject: [PATCH 2/7] make editorconfig happy --- pkgs/by-name/sh/sharkey/package.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/by-name/sh/sharkey/package.nix b/pkgs/by-name/sh/sharkey/package.nix index 398059541b6ac..4125443de9059 100644 --- a/pkgs/by-name/sh/sharkey/package.nix +++ b/pkgs/by-name/sh/sharkey/package.nix @@ -115,7 +115,7 @@ stdenv.mkDerivation (finalAttrs: { ''; postBuild = '' - pnpm build --reporter=ndjson + pnpm build --reporter=ndjson ''; # this is consistent with other nixpkgs electron packages and upstream, as far as I am aware 
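Review bot: The dependency fetch in `pnpmDeps.installPhase` passes `--ignore-script`, while pnpm documents the option as `--ignore-scripts`; the same spelling is repeated in `preBuild`. The singular form appears to work only because the CLI resolves it as an abbreviation. This fetch is a fixed-output derivation, the one step that runs with network access, so the flag that keeps dependency lifecycle scripts from executing there should not depend on that. I would write `pnpm install --frozen-lockfile --ignore-scripts` in both places. A comment above `outputHash` should also say that it must be refreshed whenever `version` or the lockfile changes.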
@@ -173,12 +173,12 @@ stdenv.mkDerivation (finalAttrs: { }; meta = with lib; { - description = "An alternate client for Discord with Vencord built-in"; - homepage = "https://github.com/Vencord/Vesktop"; + description = "Sharkey description here"; + homepage = "https://joinsharkey.org"; license = licenses.gpl3Only; - maintainers = with maintainers; [ getchoo Scrumplex vgskye pluiedev ]; + maintainers = with maintainers; [ aprl ]; platforms = [ "x86_64-linux" "aarch64-linux" ]; - mainProgram = "vesktop"; + mainProgram = "sharkey"; }; }) From e97d0a60987888581e497131a9d260f1333f3bcf Mon Sep 17 00:00:00 2001 From: April John Date: Sun, 17 Mar 2024 20:01:48 +0100 Subject: [PATCH 3/7] push changes --- pkgs/by-name/sh/sharkey/package.nix | 51 ++++++----------------------- 1 file changed, 10 insertions(+), 41 deletions(-) diff --git a/pkgs/by-name/sh/sharkey/package.nix b/pkgs/by-name/sh/sharkey/package.nix index 4125443de9059..9dc0bdfa27718 100644 --- a/pkgs/by-name/sh/sharkey/package.nix +++ b/pkgs/by-name/sh/sharkey/package.nix @@ -2,14 +2,10 @@ , stdenv , stdenvNoCC , fetchFromGitLab -, substituteAll , makeWrapper -, makeDesktopItem , copyDesktopItems -, pipewire -, libpulseaudio -, libicns -, libnotify +, jemalloc +, ffmpeg-headless , jq , python3 , pkg-config @@ -18,8 +14,6 @@ , moreutils , cacert , nodePackages -, speechd -, withTTS ? true }: stdenv.mkDerivation (finalAttrs: { pname = "sharkey"; @@ -95,10 +89,6 @@ stdenv.mkDerivation (finalAttrs: { vips ]; - patches = [ - #./disable_update_checking.patch - ]; - ELECTRON_SKIP_BINARY_DOWNLOAD = 1; preBuild = '' 
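Review bot: `license = licenses.gpl3Only;` is still an unchanged context line in the `meta` hunk while every field around it is replaced, so it is the value carried over from the Vesktop template this file was started from. Please check it against the LICENSE file of the Sharkey source and set the matching `lib.licenses` entry. `copyDesktopItems` also stays in the argument list in the `@@ -2,14 +2,10 @@` hunk although the series removes `desktopItems`, which looks like another leftover from the template.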
@@ -118,29 +108,23 @@ stdenv.mkDerivation (finalAttrs: { pnpm build --reporter=ndjson ''; - # this is consistent with other nixpkgs electron packages and upstream, as far as I am aware installPhase = let - # this is mainly required for venmic libPath = lib.makeLibraryPath ([ - libpulseaudio - libnotify - pipewire + jemalloc + ffmpeg-headless stdenv.cc.cc.lib - ] ++ lib.optional withTTS speechd); + ]); in '' runHook preInstall mkdir -p $out/data - cp dist/linux-*unpacked/resources/app.asar $out/opt/Vesktop/resources mkdir -p $out/data/packages/client - ln -s /var/lib/misskey $out/data/files - ln -s /run/misskey $out/data/.config - cp -r locales node_modules built $out/data - cp -r packages/backend $out/data/packages/backend - cp -r packages/client/assets $out/data/packages/client/assets + ln -s /var/lib/sharkey $out/data/files + ln -s /run/sharkey $out/data/.config + cp -r locales node_modules built fluent-emojis tossface-emojis sharkey-assets packages package.json pnpm-workspace.yaml $out/data # https://gist.github.com/MikaelFangel/2c36f7fd07ca50fac5a3255fa1992d1a 
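Review bot: `$out/data/files` and `$out/data/.config` are symlinks from the store output to `/var/lib/sharkey` and `/run/sharkey`, and nothing in the package says who is expected to create those directories or with which permissions. A short comment above the two `ln -s` lines would help, e.g. `# targets are the StateDirectory/RuntimeDirectory of the NixOS module; the links dangle without it`. The `.config` target is presumably where the service reads its configuration, so the comment should also state that the directory must not be writable by other users. `installPhase` continues past the end of this hunk.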
@@ -148,32 +132,17 @@ stdenv.mkDerivation (finalAttrs: { --run $out/data --prefix LD_LIBRARY_PATH : ${libPath} \ --prefix NODE_ENV : production - --add-flags start \ - ${lib.optionalString withTTS "--add-flags \"--enable-speech-dispatcher\""} \ - --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" + --add-flags migrateandstart runHook postInstall ''; - desktopItems = [ - (makeDesktopItem { - name = "vesktop"; - desktopName = "Vesktop"; - exec = "vesktop %U"; - icon = "vesktop"; - startupWMClass = "Vesktop"; - genericName = "Internet Messenger"; - keywords = [ "discord" "vencord" "electron" "chat" ]; - categories = [ "Network" "InstantMessaging" "Chat" ]; - }) - ]; - passthru = { inherit (finalAttrs) pnpmDeps; }; meta = with lib; { - description = "Sharkey description here"; + description = "🌎 A Sharkish microblogging platform 🚀"; homepage = "https://joinsharkey.org"; license = licenses.gpl3Only; maintainers = with maintainers; [ aprl ]; From 86235525c0b4ec3b2ac0c04d9c4e458fb85fef47 Mon Sep 17 00:00:00 2001 From: April John Date: Sun, 17 Mar 2024 20:54:37 +0100 Subject: [PATCH 4/7] premature module testing? --- nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/sharkey.md | 64 +++++++++++++++++ nixos/modules/services/networking/sharkey.nix | 70 +++++++++++++++++++ 3 files changed, 135 insertions(+) create mode 100644 nixos/modules/services/networking/sharkey.md create mode 100644 nixos/modules/services/networking/sharkey.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 627427262da63..adae874e0a533 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
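Review bot: The `makeWrapper` call is cut short by missing line continuations: `--run $out/data` and `--prefix NODE_ENV : production` do not end in `\`, so the shell ends the command at the first of them and tries to run the following lines, including the new `--add-flags migrateandstart`, as separate commands. `--run` also expects a shell command rather than a directory, and `--prefix` treats `NODE_ENV` as a colon-separated list. I would write `--chdir $out/data \` and `--set NODE_ENV production \`, keeping `--add-flags migrateandstart` as the last argument. As written the wrapper would receive neither the `LD_LIBRARY_PATH` entry nor the start command. The call begins above this hunk.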
@@ -1103,6 +1103,7 @@ ./services/networking/searx.nix ./services/networking/shadowsocks.nix ./services/networking/shairport-sync.nix + ./services/networking/sharkey.nix ./services/networking/shellhub-agent.nix ./services/networking/shorewall.nix ./services/networking/shorewall6.nix diff --git a/nixos/modules/services/networking/sharkey.md b/nixos/modules/services/networking/sharkey.md new file mode 100644 index 0000000000000..0a28fc40a75f3 --- /dev/null +++ b/nixos/modules/services/networking/sharkey.md 
@@ -0,0 +1,64 @@ +# Sharkey {#module-services-sharkey} + +[Sharkey](https://joinsharkey.org) is a feature-rich ActivityPub microblogging server forked from Misskey. + +## Service configuration {#modules-services-sharkey-service-configuration} + +The YAML configuration file required by Sharkey is generated automatically from +[{option}`services.sharkey.settings`](options.html#opt-services.akkoma.settings). + +Here is how such a config can look: + +```nix +{ config, ... }: + +{ + services.misskey = { + enable = true; + settings = { + url = "https://fediverse.example.com/"; + port = 11231; + id = "aid"; + db = { + host = "/run/postgresql"; + port = config.services.postgresql.port; + user = "sharkey"; + db = "sharkey"; + }; + redis = { + host = "localhost"; + port = config.services.redis.servers.sharkey.port; + }; + }; + }; + services.postgresql = { + enable = true; + ensureDatabases = [ "sharkey" ]; + ensureUsers = [ + { + name = "sharkey; + ensurePermissions."DATABASE sharkey" = "ALL PRIVILEGES"; + } + ]; + }; + services.redis.servers.sharkey = { + enable = true; + bind = "127.0.0.1"; + port = 16434; + }; + services.nginx.virtualHosts."fediverse.example.com" = { + enableACME = true; + forceSSL = true; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:${toString config.services.sharkey.settings.port}/"; + proxyWebsockets = true; + }; + }; + }; +} +``` + +Please refer to the [official docs](https://docs.joinsharkey.org/docs/) +for additional configuration options. + diff --git a/nixos/modules/services/networking/sharkey.nix b/nixos/modules/services/networking/sharkey.nix new file mode 100644 index 0000000000000..8c79213b610e8 --- /dev/null +++ b/nixos/modules/services/networking/sharkey.nix 
@@ -0,0 +1,70 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.sharkey; + + settingsFormat = pkgs.formats.yaml {}; + configFile = settingsFormat.generate "sharkey-config.yml" cfg.settings; +in { + options = { + services.sharkey = with lib; { + enable = mkEnableOption "sharkey"; + + settings = mkOption { + type = settingsFormat.type; + default = {}; + description = '' + Configuration for Sharkey, see + + for supported settings. + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + documentation.enable = false; + + systemd.services.sharkey = { + after = [ "network-online.target" "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + preStart = '' + ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /run/sharkey/default.yml + cd ${pkgs.sharkey}/data + ''; + serviceConfig = { + StateDirectory = "sharkey"; + StateDirectoryMode = "700"; + RuntimeDirectory = "sharkey"; + RuntimeDirectoryMode = "700"; + ExecStart = "${pkgs.sharkey}/bin/sharkey"; + TimeoutSec = 60; + + # implies RemoveIPC=, PrivateTmp=, NoNewPrivileges=, RestrictSUIDSGID=, + # ProtectSystem=strict, ProtectHome=read-only + DynamicUser = true; + LockPersonality = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectProc = "invisible"; + ProtectKernelModules = true; + ProtectKernelTunables = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = "@system-service"; + UMask = "0077"; + }; + environment.NODE_ENV = "production"; + }; + }; + meta.maintainers = with lib.maintainers; [ aprl ]; + meta.doc = ./sharkey.md; +} + From 19755eaf817d46389fabbb550ee39c72e2048796 Mon Sep 17 00:00:00 2001 
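Review bot: Everything in `services.sharkey.settings` is rendered by `settingsFormat.generate` into the Nix store, which is world-readable, so a database or Redis password set there is exposed to every local user. The `envsubst` call in `preStart` suggests values are meant to be substituted at start, but the unit defines no `EnvironmentFile`, so there is no supported way to supply secrets. I would add an `environmentFile` option wired to `serviceConfig.EnvironmentFile` and document that settings should reference secrets as `$VAR` placeholders. Separately, `documentation.enable = false;` changes the whole system's configuration whenever the service is enabled, and the `cd` in `preStart` does not carry over to `ExecStart`, where `WorkingDirectory` would be needed.

```nix
# … unchanged: enable and settings options …
      environmentFile = mkOption {
        type = types.nullOr types.path;
        default = null;
        description = ''
          Path to a file of KEY=value lines, kept outside the Nix store.
          Its variables are substituted for `$KEY` placeholders in
          {option}`services.sharkey.settings` when the service starts.
        '';
      };
# … unchanged: systemd.services.sharkey up to serviceConfig …
      serviceConfig = {
        EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
        # … unchanged: directories, ExecStart, hardening options …
```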
From: aprilthepink Date: Sun, 17 Mar 2024 23:43:07 +0100 Subject: [PATCH 5/7] fix build --- pkgs/by-name/sh/sharkey/package.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/by-name/sh/sharkey/package.nix b/pkgs/by-name/sh/sharkey/package.nix index 9dc0bdfa27718..d98ed782727bd 100644 --- a/pkgs/by-name/sh/sharkey/package.nix +++ b/pkgs/by-name/sh/sharkey/package.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation (finalAttrs: { assert lib.versionAtLeast nodePackages.pnpm.version "8.10.0"; stdenvNoCC.mkDerivation { pname = "${finalAttrs.pname}-pnpm-deps"; - inherit (finalAttrs) src version patches ELECTRON_SKIP_BINARY_DOWNLOAD; + inherit (finalAttrs) src version; nativeBuildInputs = [ jq From 5359d24a20d1d7c211cf2fb624f8f857f071fabe Mon Sep 17 00:00:00 2001 From: aprilthepink Date: Sun, 17 Mar 2024 23:48:45 +0100 Subject: [PATCH 6/7] fix build --- pkgs/by-name/sh/sharkey/package.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/by-name/sh/sharkey/package.nix b/pkgs/by-name/sh/sharkey/package.nix index d98ed782727bd..2c0e6998dc90e 100644 --- a/pkgs/by-name/sh/sharkey/package.nix +++ b/pkgs/by-name/sh/sharkey/package.nix @@ -94,7 +94,7 @@ stdenv.mkDerivation (finalAttrs: { preBuild = '' export HOME=$(mktemp -d) export STORE_PATH=$(mktemp -d) - export NODE_OPTIONS = "--max_old_space_size=4096" + export NODE_OPTIONS="--max_old_space_size=4096" cp -Tr "$pnpmDeps" "$STORE_PATH" chmod -R +w "$STORE_PATH" From b6b14541c0abd9d772d9e7bfd008bd9773e10a27 Mon Sep 17 00:00:00 2001 From: aprilthepink Date: Mon, 18 Mar 2024 00:39:56 +0100 Subject: [PATCH 7/7] manually execute postinstall script for vue thingy --- pkgs/by-name/sh/sharkey/package.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/by-name/sh/sharkey/package.nix b/pkgs/by-name/sh/sharkey/package.nix index 2c0e6998dc90e..57534b249b8ab 100644 --- a/pkgs/by-name/sh/sharkey/package.nix +++ b/pkgs/by-name/sh/sharkey/package.nix 
@@ -102,6 +102,11 @@ stdenv.mkDerivation (finalAttrs: { pnpm config set store-dir "$STORE_PATH" pnpm install --offline --frozen-lockfile --ignore-script patchShebangs node_modules/{*,.*} + + ( + cd node_modules/.pnpm/node_modules/v-code-diff + node scripts/postinstall.js + ) ''; postBuild = ''
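Review bot: The added subshell runs a dependency's install script by hand without a comment saying why, and it reaches the script through `node_modules/.pnpm/node_modules/v-code-diff`, a path that depends on pnpm's internal store layout. Lifecycle scripts are switched off for the install just above, so each script re-enabled this way should carry a line stating what it is needed for, for example `# install scripts are disabled above; the build presumably needs v-code-diff's postinstall output`. A guard such as `test -f scripts/postinstall.js` before the `node` call would make a future layout or version change fail with a readable message. `preBuild` begins outside this hunk.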